Cloud MCP servers (Gmail, Google Calendar) auto-injected without user consent — no opt-out mechanism
Resolved 💬 8 comments Opened Apr 6, 2026 by DrWaKu Closed May 5, 2026
Problem
Claude Code injects cloud-based MCP servers from claude.ai (specifically claude.ai Gmail and claude.ai Google Calendar) into the local CLI without any user opt-in. Every time Claude Code starts, it reports these servers need authentication — for services the user never installed, never agreed to, and does not want.
This is related to #20412 but focuses on the consent and privacy angle rather than the memory/OOM issue.
Why this matters
- No consent was given. I never installed, enabled, or agreed to Google/Gmail integration. These appeared in my local terminal uninvited.
- Privacy concern. Not every user trusts Google with their data. Having Google services surface in a local development tool — prompting for authentication on every startup — is unacceptable when the user never opted in.
- Cannot be removed.
claude mcp removedoes not work for these cloud-injected servers. The only workaround is editing a cached feature flag (tengu_claudeai_mcp_connectors) in~/.claude.json, which may be overwritten on update. - Annoying on every startup. The "needs authentication" warnings appear every time Claude Code launches, nagging the user to connect services they explicitly do not want.
Expected behavior
- Cloud MCP servers should be opt-in only — never injected without explicit user action
- Users should be able to permanently disable/remove cloud MCPs via
claude mcp removeor a config setting - A local CLI tool should not push third-party service integrations (especially Google) without consent
Workaround
Edit ~/.claude.json and set:
"tengu_claudeai_mcp_connectors": false
inside cachedGrowthBookFeatures. This is fragile and may be overwritten.
Environment
- Claude Code (macOS)
- The servers appear as:
claude.ai Gmail,claude.ai Google Calendar
This issue has 8 comments on GitHub. Read the full discussion on GitHub ↗